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WHAT IS CLAIMED IS: 
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\1 . In a data processing system, a method comprising the steps of: 
creating a migratable storage tree with a storage root key; and 
creating a non-migratable storage tree with the storage root key, wherein the 
migratable storage tree and the non-migratable storage tree are identically structured. 

2 Td$ method as recited in claim 1 , wherein the migratable storage tree and the 
non-migratable storage tree are created by a trusted computing module in accordance 
with Trusted Computing Platform Alliance. 
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3. The method as recited in claim 1 , wherein the migratable storage tree 
comprises migrataWe keys and a user key, wherein the non-migratable storage tree 
comprises non-migratable keys and a user key: 



1 4. The method as recited in claim 1 , wherein the non-migratable storage tree will 

2 include non-migratable storage keys corresponding to each migratable storage key in 

3 the migratable storage tree. 
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5. The method as recited in. claim 1 , wherein use authorization in the 
non-migratable storage tree will b\ identical to use authorization in the migratable 
storage tree. 



- 16- 



RPS9-2000-0400 

1 6. \ The method as recited in claim 1 , further comprising the steps of: 

2 Vequesting a migratable storage key; and 

3 requesting a non-migratable storage key. 

1 7. The method as recited in claim 6, wherein the step of requesting a migratable 

2 storage key will identify a parent key in the migratable storage tree, and wherein the 

3 step of requesting a non-migratable storage key will identify a parent key in the 

4 non-migratable storage tree that corresponds to the parent key in the migratable 

5 storage tree. \ 

1 8. The method as retited in claim 1 , further comprising the step of: 

2 when a key loadingyrequest is made for a migratable storage key, loading a key 

3 from the non-migratable storage tree instead of loading a corresponding key from the 

4 migratable storage tree. \ 
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9. In a data processing system, a method comprising the steps of: 
\ splitting a request to create a new migratable storage 

kewvith given authentication data and a first parent key into first and second 
commands; 

\vherein the first command creates a migratable storage key with the given 
authentication data and the first parent key; and 

whVein the second command requests creating a non-migratable storage key 
with the giveh authentication data and a second parent key which is determined from 
looking up a koy that corresponds to the first parent key in a database. 

10. The methoa recited in claim 9, wherein the migratable storage key and the 
non-migratable storage key are associated in a database. 

1 1 . The method recited in claim 9, wherein the non-migratable key is a multi- 
prime key. \ 



12. The method recited in\laim 9, where the non-migratable key is an elliptic 
curve key. 
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1 \l3. The method as recited in claim 9, further comprising the steps of: 

2 \ creating a new migratable signing key with the given authentication data and a 

3 thiM parent key; 

4 \ storing the new migratable signing key with the given authentication data and 

5 the thitd parent key; 

6 storing the new migratable signing key with the given authentication data and 

7 a fourth aarent key where the fourth parent key is a non-migratable key associated 

8 with the third parent key in a database. 

1 14. The method as recited in claim 1 3, further comprising the steps of: 

2 requesting a signature by the new migratable signing key; 

3 searchinAthe database for the location of a key blob containing the new 

4 migratable signingMcey; 

5 loading a coW of the new migratable signing key stored in the key blob 

6 created with the non-migratable parent key; and 

7 signing with thcWw migratable signing key. 

1 15. The method as recited in claim 9, further comprising the steps of: 

2 creating a new data stored by means of the first parent key; 

3 storing the new data with the first parent key; 

4 storing the new data witK the second parent key where the second parent key is 

5 a non-migratable key associated with the third parent key in a database. 
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The method as recited in claim 1 5, further comprising the steps of: 
requesting data stored by the new migratable storage key; 
marching the database for the location of a key blob associated with the new 
migratableSstorage key; 

loading a copy of the key blob created with the non-migratable storage 
key; and 

decrypting the data. 

17. The method ^ recited in claim 14, further comprising the steps of: 
requesting migrMion of new migratable signing keys; 
searching the datac^ase for the location of a key blob associated with a non- 
migratable parent of the key^to be migrated; 
processing the migratic 
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In a data processing system, a method comprising the steps of: 
creating a migratable storage tree with a storage root key; and 
creating a non-migratable storage tree with the storage rootkey where the . 
migratM)le storage tree and the non-migratable storage tree are identically structured 
with corresponding keys and authentication data. 

1 9. The method as recited in claim 18, wherein the migratable storage tree and 
the non-migratable storage tree are created by a trusted computing module 

in accordance with Trusted Computing Platform Alliance. 

20. The methoavas recited in claim 19, wherein the migratable storage tree 
comprises migratableSkeys and a user key, wherein the non-migratable storage tree 
comprises non-migrataMe keys and a user key. 
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2 1 . The method reciteain claim 1 8, wherein the migratable storage tree 
comprises migratable keys and encrypted user data wherein the non-migratable 
storage tree comprises non-migratable keys and encrypted user data . 
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22 The method as recited in cVm 18, wherein the non-migratable storage 
tree will include non-migratable storage keys corresponding to each migratable 
storage key in the migratable storage Vee. 
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^3. The method as recited in claim 1 8, wherein the non-migratable storage tree 
will include non-migratable storage keys corresponding to a subset of the migratable 
storage keys in the migratable storage tree. 

24. T\he method as recited in claim 1 8, wherein use authorization in the non- 
migratableNstorage tree will be identical to use authorization in the migratable storage 
tree. \ 

25. The method as recited in claim 18, wherein use authorization in the non- 
migratable storagfe tree can be deduced from user authorization in the migratable 
storage tree with additional data. 

26. The method asVecited in claim 25, wherein the use authorization in the non- 
migratable storage tree ft obtained by hashing the concatenation of the user 
authorization in the migrarable storage tree with a fixed string. 
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